Researchers have identified a new method that no longer requires victims to enter a password to open a danger document, more readily exposing them to potential malware infection. Researchers from security firm Trustwave said they discovered a new malspam campaign that sends Excel 4.0 xls 97-2003 files with a compromised macro in email messages. The ploy is predictable and attempt to dupe users with themes ranging from fake invoices to COVID-19 related lures. In past campaigns, this type of attack uses a password-protected Excel document.
Source: https://threatpost.com/hackers-update-age-old-excel-4-0-macro-attack/154898/